Wire (software)

Last updated
Wire
Developer(s) Wire Swiss GmbH
Initial release3 December 2014;9 years ago (2014-12-03)
Stable release(s)
Android4.3.5 [1]   OOjs UI icon edit-ltr-progressive.svg / 27 September 2023
iOS3.110.1 [2]   OOjs UI icon edit-ltr-progressive.svg / 8 August 2023
Linux3.31.3060 [3]   OOjs UI icon edit-ltr-progressive.svg / 16 May 2023
macOS3.31.4556 [4]   OOjs UI icon edit-ltr-progressive.svg / 16 May 2023
Windows and Windows Phone3.31.4421 [5]   OOjs UI icon edit-ltr-progressive.svg / 16 May 2023
Web0.27 [6]   OOjs UI icon edit-ltr-progressive.svg / 13 July 2023
Server2023-08-16-r2 [7]   OOjs UI icon edit-ltr-progressive.svg / 16 August 2023
Repository
Operating system Android
iOS
Linux
macOS
Windows
Platform
  • Android 7.0 or later
  • iOS 10.0 or later
  • Linux [8]
  • macOS 10.10 or later
  • Windows 7 or later [9]
  • Wire for Web:
    • Firefox 31 or later
    • Chrome 26 or later
    • Safari 7 or later
    • Internet Explorer 11 or later
    • Opera 27 or later
Type Communication software
License
Website wire.com OOjs UI icon edit-ltr-progressive.svg

Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration – all protected by a secure end-to-end-encryption. [15] Wire offers three solutions built on its security technology: Wire Pro [16] – which offers Wire's collaboration feature for businesses, Wire Enterprise [17] – includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red [18] – the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.

Contents

History

Skype's co-founder Janus Friis helped create Wire and many Wire employees previously worked for Skype. [19] Wire Swiss GmbH launched the Wire app on 3 December 2014. In August 2015, the company added group calling to their app. [20] From its launch until March 2016, Wire's messages were only encrypted between the client and the company's server. In March 2016, the company added end-to-end encryption for its messaging traffic, as well as a video calling feature. [21] [22] Wire Swiss GmbH released the source code of the Wire client applications in July 2016. [23] [24] In 2018, Wire launched its collaboration solution featuring end-to-end encrypted chat, conferencing, video calls and file-sharing on desktop and mobile for businesses. [25]

Features

Wire offers end-to-end encrypted messaging, file-sharing, video and voice calls, and guest rooms for external communication. [15]

The app allows group calling with up to twenty-five participants and video conferences support up to 12 people. [26] [27] A stereo feature places participants in a "virtual space" so that users can differentiate voice directionality. [20] The application adapts to varying network conditions.

The application supports the exchange of animated GIFs up to 5MB through a media integration with Giphy. [28] The iOS and Android versions also include a sketch feature that allows users to draw a sketch into a conversation or over a photo. [29]

Wire is available on mobile, desktop and web. The web service is called Wire for Web. [30] Wire activity is synced on iOS, Android and web apps. [31] The desktop version supports screen sharing. [32]

Wire's technology solution can be deployed either in the cloud, private cloud or on-premises. [17]

One of the latest features rolled out by Wire is a secure external collaboration capability called 'guest room'. [33] Wire's secure guest rooms feature extends end-to-end encryption to conversations with external parties without requiring them to register, or even download anything. [34]

Wire also includes a function for ephemeral messaging in 1:1 and group conversations. [35] [36]

Technical

Wire provides end-to-end encryption for all features. Wire's instant messages are encrypted with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol. [37] [38] Wire's voice calls are encrypted with DTLS and SRTP. [20] [37] In addition to this, client-server communication is protected by Transport Layer Security. [19]

Wire is currently in the midst of working to develop Messaging Layer Security (MLS), a new protocol designed to facilitate more secure enterprise messaging platforms under The Internet Engineering Task Force (IETF). [39] In 2016, during the IETF meeting in Berlin, Wire proposed a standard that was protected by modern security properties and could be used by companies large and small. [39] During an interview with Dark Reading, [39] Raphael Robert, Head of Security at Wire, mentioned that Messaging Layer Security (MLS) should be ready to integrate into messaging platforms by 2021.[ citation needed ]

Wire's source code is accompanied by the GPLv3 but the readme file states that a number of additional restrictions specified by the Wire Terms of Use take precedence. [40] [41] [42] Among other things, users who have compiled their own applications may not change the way it connects and interacts with the company's centralised servers. [43] [44]

Security

Wire implemented a security by design approach, with security and privacy as core values. [25] Wire is 100% open source with its source code available on GitHub, independently audited, [45] and ISO, CCPA, GDPR, SOX-compliant. [46] [ better source needed ] In December 2016, Wire's whitepapers were reviewed by a security researcher at the University of Waterloo. [47] The researcher praised Wire for its open approach to security, but identified serious issues that still need addressing. These included a man-in-the-middle attack on voice and video communications, possible audio and video leakage depending on unspecified codec parameters, the fact that all user passwords are uploaded to Wire's servers, significant attack surface for code replacement in the desktop client, and the fact that the server was not open-sourced, at the time when that article was written. The researcher described the security of Wire as weak in comparison to Signal, but also depicted its problems as surmountable. Wire's developers announced the addition of end-to-end authentication to Wire's calls on 14 March 2017, [48] and started open-sourcing Wire's server code on 7 April 2017. [49] In March 2017, the review was updated with the conclusion that "the remaining issues with Wire are relatively minor and also affect many of its competitors." [47] However, one major issue that remained was detailed as "the Wire client authenticates with a central server in order to provide user presence information. (Wire does not attempt to hide metadata, other than the central server promising not to log very much information.) The Wire whitepapers spend an unusual amount of space discussing the engineering details of this part of the protocol. However, the method of authentication is the same as it is on the web: the Wire client sends the unencrypted, unhashed password to the central server over TLS, the server hashes the plaintext password with scrypt, and the hash is compared to the hash stored by the server. This process leaks the user's password to the central server; the server operators (or anyone who compromises the server) could log all of the plaintext passwords as users authenticate." [47]

On 9 February 2017, Kudelski Security and X41 D-Sec published a joint review of Wire's encrypted messaging protocol implementation. [50] Non-critical issues were found that had the potential of leading to a degraded security level. The review found that "invalid public keys could be transmitted and processed without raising an error." [50] The report also recommended that other security improvements be implemented to address thread-unsafety risks and sensitive data in memory. [50] Wire's developers have said that "the issues that were discovered during the review have been fixed and deployed on iOS and Android. Deployment is ongoing for Wire for Web and desktop apps." [51]

In 2017, Wire published an article going over the implementation of its end-to-end encryption in a multi-device scenario in response to anonymous accounts on social media publishing misleading information about the app and its security. [52]

In May 2017, Motherboard published an article saying that the Wire servers "keep a list of all the users a customer contacted until they delete their account". [53] Wire Swiss confirmed that the statement was accurate, saying that they keep the data in order to "help with syncing conversations across multiple devices", and that they might change their approach in the future. [53]

Awards

In July 2019, Wire won Capterra's Best Ease of Use award [54] in the team communication software category for its B2B solution. Later that year in October, Wire was recognized by Cybersecurity Breakthrough Awards [55] as the first-ever Secure Communications Solution of the Year awardee. In February 2020, Wire won the Cybersecurity Excellence Awards [56] in the following categories: fastest-growing cybersecurity company, best start-up (EU), open-source security, encryption, and zero-trust security. [57] Simultaneously, Cyber Defense Magazine [58] announced Wire as the Best Messaging Security in an RSA 2020 special edition for the Cyber Defense Awards. [59]

Privacy policy changes

In late 2019, Wire holding moved from Luxembourg to the US, which according to critics made it unclear how much jurisdiction the United States will have over Wire data. [60] The Wire Group Holding moved back to Germany as of 2020. [61]

Business model

Wire Swiss GmbH receives financial backing from a firm called Iconical. [22]

In July 2017, Wire Swiss announced the beta version of an end-to-end encrypted team messaging platform. [62] In October 2017, Wire officially released the team messaging platform as a subscription-based communication solution for businesses [63] and in 2019, announced that Ernst & Young chose Wire to develop a self-hosted, secure collaboration and communication platform. [64]

See also

Related Research Articles

The landscape for instant messaging involves cross-platform instant messaging clients that can handle one or multiple protocols. Clients that use the same protocol can typically federate and talk to one another. The following table compares general and technical information for cross-platform instant messaging clients in active development, each of which have their own article that provide further information.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

This is a comparison of voice over IP (VoIP) software used to conduct telephone-like voice conversations across Internet Protocol (IP) based networks. For residential markets, voice over IP phone service is often cheaper than traditional public switched telephone network (PSTN) service and can remove geographic restrictions to telephone numbers, e.g., have a PSTN phone number in a New York area code ring in Tokyo.

<span class="mw-page-title-main">Jitsi</span> Videoconferencing and messaging software

Jitsi is a collection of free and open-source multiplatform voice (VoIP), video conferencing and instant messaging applications for the Web platform, Windows, Linux, macOS, iOS and Android. The Jitsi project began with the Jitsi Desktop. With the growth of WebRTC, the project team focus shifted to the Jitsi Videobridge for allowing web-based multi-party video calling. Later the team added Jitsi Meet, a full video conferencing application that includes web, Android, and iOS clients. Jitsi also operates meet.jit.si, a version of Jitsi Meet hosted by Jitsi for free community use. Other projects include: Jigasi, lib-jitsi-meet, Jidesha, and Jitsi.

Silent Circle is an encrypted communications firm based in Washington DC. Silent Circle provides multi-platform secure communication services for mobile devices and desktops. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

Wickr is an American software company based in New York City, known for its instant messenger application with the same name. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, and are designed for iOS, Android, Mac, Windows, and Linux operating systems. Wickr was acquired by Amazon Web Services (AWS) mid-2021. They discontinued the free version of the app in December 2023.

<span class="mw-page-title-main">ChatSecure</span> Messaging application

ChatSecure is a messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol. ChatSecure is free and open source software available under the GPL-3.0-or-later license.

<span class="mw-page-title-main">Tox (protocol)</span> Distributed protocol for telephony and instant messaging

Tox is a peer-to-peer instant-messaging and video-calling protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. A reference implementation of the protocol is published as free and open-source software under the terms of the GNU GPL-3.0-or-later.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

<span class="mw-page-title-main">Open Whisper Systems</span> Open source software organization

Open Whisper Systems was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under the independent 501c3 non-profit Signal Technology Foundation. Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation.

<span class="mw-page-title-main">Proton Mail</span> End-to-end encrypted email service

Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.

<span class="mw-page-title-main">Threema</span> Instant messaging smartphone service

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email addresses for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.

Wire Swiss GmbH is a software company with headquarters in Zug, Switzerland. Its development center is in Berlin, Germany. The company is best known for its messaging application called Wire.

<span class="mw-page-title-main">Signal (messaging app)</span> Privacy-focused encrypted messaging app

Signal is an encrypted messaging service for instant messaging, voice calls, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

<span class="mw-page-title-main">Matrix (protocol)</span> Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

Peerio was a cross-platform end-to-end encrypted application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for iOS, Android, macOS, Windows, and Linux. Peerio (Legacy) was originally released on 14 January 2015, and was replaced by Peerio 2 on 15 June 2017. The app is discontinued.

<span class="mw-page-title-main">Double Ratchet Algorithm</span> Cryptographic key management algorithm

In cryptography, the Double Ratchet Algorithm is a key management algorithm that was developed by Trevor Perrin and Moxie Marlinspike in 2013. It can be used as part of a cryptographic protocol to provide end-to-end encryption for instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet.

The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide" or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Google Messages app for one-to-one conversations. Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

<span class="mw-page-title-main">Conversations (software)</span> Free software instant messaging client for the XMPP protocol

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

xx messenger is a cross-platform decentralized encrypted instant messaging service developed by PrivaTegrity Corporation. Messages are delivered over a variety of mix network first described in 2016. Users can send one-to-one and group messages, which can include voice notes and images.

References

  1. "Release v4.3.5 · wireapp/wire-android-reloaded · GitHub".
  2. "Release 3.110.1 · wireapp/wire-ios · GitHub".
  3. "Release 3.31.3060 - Linux".
  4. "Release 3.31.4556 - macOS".
  5. "Release 3.31.4421 - Windows".
  6. "Release 2023-07-13-production.0".
  7. "Release v2023-08-16-r2 (Chart Release 4.38.0) · wireapp/wire-server · GitHub".
  8. Sneddon, Joey-Elijah (11 October 2016). "Wire, the Encrypted Chat App, Is Now Available for Linux". OMG! Ubuntu! (Blog). Ohso Ltd. Retrieved 15 October 2016.
  9. "Former Skype team members returning to Windows with Wire for Windows". Supersite for Windows. Retrieved 29 October 2015.
  10. "wireapp/wire-webapp". GitHub. 20 October 2021.
  11. "wireapp/wire-desktop". GitHub. 20 October 2021.
  12. "wireapp/wire-android". GitHub. 20 October 2021.
  13. "wireapp/wire-ios". GitHub. 19 October 2021.
  14. "wireapp/wire-server". GitHub. 19 October 2021.
  15. 1 2 "The most secure collaboration platform · Wire". wire.com.
  16. "Secure business collaboration · Wire". wire.com. 14 September 2018.
  17. 1 2 "Wire technology in your private cloud · Wire". wire.com.
  18. "Wire Red – crisis communication software · Wire". wire.com.
  19. 1 2 Dredge, Stuart (3 December 2014). "Skype co-founder backs Wire - to take on Skype". The Guardian. Retrieved 3 December 2014.
  20. 1 2 3 Pierce, David (12 August 2015). "Messaging App Declares War on Crappy Conference Calls". Wired. Condé Nast. Retrieved 12 August 2015.
  21. Kahn, Jeremy (10 March 2016). "Amid Apple's FBI fight, app developers are ramping up encryption". Chicago Tribune. Tribune Publishing. Archived from the original on 11 March 2016. Retrieved 14 July 2016.
  22. 1 2 Auchard, Eric (11 March 2016). "Skype co-founder launches ultra-private messaging, with video". Reuters. Thomson Reuters. Retrieved 11 March 2016.
  23. Meyer, David (22 July 2016). "Wire Wants to Bring Encrypted Chat to Cars and the Internet of Things". Fortune. Time Inc. Retrieved 25 July 2016.
  24. "Wire Swiss GmbH". GitHub. Retrieved 25 July 2016.
  25. 1 2 "Wire brings secure collaboration to North America". www.businesschief.com. Archived from the original on 2019-08-19. Retrieved 2019-08-19.
  26. Trueman, Charlotte (6 October 2020). "Wire targets Zoom, Teams and others with secure video upgrades". Computerworld.
  27. "Start a video conference call". Wire – Support.
  28. "Wire and Giphy Make Communication Fun". AppMess. 30 June 2015. Retrieved 30 June 2015.
  29. "Communicating "I Love You" in the Emoji Era". PSFK. Retrieved 17 July 2015.
  30. Perez, Sarah. "Skype Co-Founder Backs Wire, A New Communications App Launching Today On iOS, Android And Mac". TechCrunch. Retrieved 2 December 2014.
  31. Sawers, Paul (2 December 2014). "Wire wants to be Skype for the modern age, launches with the backing of Skype co-founder Janus Friis". VentureBeat. Retrieved 2 December 2014.
  32. Lopez, Napier (30 July 2016). "Open-source Wire messenger gets encrypted screen-sharing". The Next Web. Retrieved 1 September 2016.
  33. "Guest rooms · Wire". wire.com. 13 November 2020.
  34. "Invite a guest with an existing Wire account to my team conversations". Wire – Support.
  35. "Safe and tidy with Timed Messages". Wire Swiss. 25 October 2016. Retrieved 26 October 2016.
  36. Mott, Nathaniel (25 October 2016). "Encrypted Messaging Apps Wire And Signal Turn To Ephemeral Messages". Tom's Hardware. Purch Group Inc. Retrieved 26 October 2016.
  37. 1 2 "Wire Security Whitepaper". Wire Swiss GmbH. Retrieved 15 July 2016.[ permanent dead link ]
  38. "Add attribution". GitHub. Wire Swiss GmbH. 9 May 2016. Retrieved 15 July 2016.
  39. 1 2 3 "Inside MLS, the New Protocol for Secure Enterprise Messaging". Dark Reading. 27 June 2019.
  40. wireapp. "wire-desktop/LICENSE at master · wireapp/wire-desktop · GitHub". Github.com. Retrieved 2017-12-16.
  41. wireapp. "wire-ios/README.md at develop ¡ wireapp/wire-ios ¡ GitHub". Github.com. Retrieved 2017-12-16.
  42. "Legal · Wire". Wire.com. Retrieved 2017-12-16.
  43. Menge-Sonnentag, Rainald (27 July 2016). "Wire-Messenger ist jetzt vollständig Open Source". Heise.de (in German). Retrieved 28 July 2016.
  44. "Wire iOS client". GitHub. Wire Swiss GmbH. Retrieved 28 July 2016.
  45. "Wire Security Review – Phase 2 – Web, Calling for Wire Swiss GmbH" (PDF). Kudelski Security. 2018-03-07. Retrieved 2023-10-05.
  46. "Wire Swiss GmbH". GitHub.
  47. 1 2 3 "Wire". Cryptography, Security, and Privacy (CrySP). 28 March 2016. Retrieved 22 August 2017.
  48. "A major upgrade to calling". Medium. Wire Swiss GmbH. 14 March 2017. Retrieved 14 March 2017.
  49. "Open sourcing Wire server code". Wire Swiss GmbH. 7 April 2017. Retrieved 7 April 2017.
  50. 1 2 3 Kudelski Security and X41 D-Sec (8 February 2017). "Security Review – Phase 1" (PDF). X41 D-Sec. Retrieved 9 February 2017.{{cite web}}: CS1 maint: numeric names: authors list (link)
  51. "Wire's independent security review". Medium. Wire Swiss GmbH. 9 February 2017. Retrieved 9 February 2017.
  52. "Key verification to secure your conversations · Wire". wire.com. 15 January 2017.
  53. 1 2 Cox, Joseph (12 May 2017). "Secure Messaging App Wire Stores Everyone You've Ever Contacted in Plain Text". Motherboard. Vice Media LLC. Retrieved 13 May 2017.
  54. "Wire Reviews 2020 - Capterra". www.capterra.com.
  55. "2019 Winners | CyberSecurity Breakthrough Awards".
  56. "Cybersecurity Excellence Awards". Cybersecurity Excellence Awards.
  57. "2020 Cybersecurity Excellence Awards". Cybersecurity Excellence Awards. February 6, 2019.
  58. "StackPath". www.cyberdefensemagazine.com.
  59. "Cyber Defense Awards | The Most Prestigious Cybersecurity Awards in the World – 7 Years Running…". www.cyberdefenseawards.com.
  60. Lomas, Ingrid Lunden and Natasha (2019-11-14). "Messaging app Wire confirms $8.2M raise, responds to privacy concerns after moving holding company to the US". TechCrunch. Retrieved 2024-01-30.
  61. "Business Directory of Wire Group Holdings GMBH". Dun&Bradstreet. Retrieved 30 June 2021.
  62. Lomas, Natasha (20 July 2017). "Wire launches e2e encrypted team messaging in beta". TechCrunch. Oath Inc. Retrieved 22 August 2017.
  63. "Encrypted messaging app Wire is taking on Slack with its new business messenger platform | Verdict". www.verdict.co.uk. 25 October 2017. Retrieved 2017-11-10.
  64. "Wire by EY brings secure messaging to accounting". May 16, 2019.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.